diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json
index d9461ef..6c754de 100644
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json
@@ -1,51 +1,65 @@
 {
 "id": "akkounts",
 "postgresql_username": {
- "encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n",
- "iv": "34BrmVmlxzuA7IJG\n",
- "auth_tag": "VyLpWDshrOd417ZiY3432w==\n",
+ "encrypted_data": "l00Lmdbl5xNq07XU4XmcnRxXsIJaYyMQQ6xI\n",
+ "iv": "yxvL6hKwlVWmdMzl\n",
+ "auth_tag": "mMCV9ewJW/0TfVE76WBSZw==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "postgresql_password": {
- "encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n",
- "iv": "2XdVUHkeeS1LHzMx\n",
- "auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n",
+ "encrypted_data": "Q6xWsH6bmI1GfMzme3mBRYrt3XmDwFJ7E4FjYg2Rrw==\n",
+ "iv": "jcQmuT7Jz3g3XE8d\n",
+ "auth_tag": "nNMvf9UmP6ikf1BW93QZIw==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "sentry_dsn": {
- "encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n",
- "iv": "0GIV8v92dh4+Ma/Z\n",
- "auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n",
+ "encrypted_data": "V7cqlH2baN1Ix/ggQFeo9PY6dNKKpnDECaB1cO3XuCfy74oN2ot44nbpCQTA\nUl0+1LQv/qNn/L4gmJkqZfdIXZQqhR+iTc06UJxe3aTKJDw=\n",
+ "iv": "HJtdKYcApwaxhTXI\n",
+ "auth_tag": "qyIYK9h6nciJTFXBWOjVOA==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "rails_master_key": {
- "encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n",
- "iv": "l4qanaerdou8AApw\n",
- "auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n",
+ "encrypted_data": "KAl2Kgq1TXjOm4TNxGwZkPwJeOSNLbLLKiRdb4fTyBFfUhIGGeCS9VvV9kIb\n9sQZ6HLU\n",
+ "iv": "BBPvDNs6nBXDti5I\n",
+ "auth_tag": "yjM/0nyUwt+5SSGuLC5qWA==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "discourse_connect_secret": {
- "encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n",
- "iv": "ob8KBWeoHXFlZ7Nk\n",
- "auth_tag": "motppQbVEhg6qyKRYpqctA==\n",
+ "encrypted_data": "YHkZGzXeK3nDHaXt3JKmGtCcvMfgvv3yHbvS2C+CLKagOIOe+0+2/CiNuh4U\nxO1Pug==\n",
+ "iv": "SnUxDpIMQum8ySfN\n",
+ "auth_tag": "Ny6I+3EoCA1s74JLjjbbyQ==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "lndhub_admin_token": {
- "encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n",
- "iv": "Kr8u2j5napFSamYc\n",
- "auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n",
+ "encrypted_data": "dJHxB80Enwkm+2aNuIrp7lILAy2J5tQaChPJCl/BHwMo\n",
+ "iv": "zHLtD1jTIwvjMt1l\n",
+ "auth_tag": "IC0adEzsS5YF5YHqabWw2A==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "btcpay_auth_token": {
- "encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n",
- "iv": "gw2oAyeF2Kuvb3Em\n",
- "auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n",
+ "encrypted_data": "YbM0HvgIijluKQBcgfKn6hmWvdbhr0ijR1xKc+BRZCZJsRaJBHTjCbwhH8T9\nVnBESruyjhxphtBetcc=\n",
+ "iv": "3107v/c2Tonx6/cP\n",
+ "auth_tag": "jnO9fvoXJW5gbDMRjkdMPA==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "s3_access_key": {
+ "encrypted_data": "PFjQKe1us12SNHlReQ4f0qctulPp4d2F3t5t+AGocp87PS/kZx77rtHQtruK\n",
+ "iv": "BGD8+XchqwPmhhwi\n",
+ "auth_tag": "XefaZKCVs8hotszALN+kxQ==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "s3_secret_key": {
+ "encrypted_data": "ziO35x8P1YMaSeenMNQoTWug62b5ZVLFlkMlJEFGnYjHK5qTAn6ir06WnMJC\n0zErzTZsPpcr7KpE/ipWgWHRy7qVbGnd6iVO4t9tf5NjiU2OXfA=\n",
+ "iv": "S3syCCxh2m+mylLu\n",
+ "auth_tag": "ZMkyBqXMXr3K3LGqxWvbtA==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 }
diff --git a/environments/production.json b/environments/production.json
index e80e3b7..12033e7 100644
--- a/environments/production.json
+++ b/environments/production.json
@@ -43,8 +43,9 @@
 "s3_web_root_domain": "web.s3.kosmos.org",
 "s3_web_domains": [
 "media.kosmos.chat",
- "s3.kosmos.social",
- "s3.community.kosmos.org"
+ "s3.accounts.kosmos.org",
+ "s3.community.kosmos.org",
+ "s3.kosmos.social"
 ],
 "xmpp_upload_bucket": "kosmos-xmpp-uploads"
 },
diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json
index a183843..e97d59c 100644
--- a/nodes/akkounts-1.json
+++ b/nodes/akkounts-1.json
@@ -17,6 +17,7 @@
 "kvm_guest",
 "ldap_client",
 "sentry_client",
+ "garage_gateway",
 "akkounts",
 "postgresql_client"
 ],
@@ -26,6 +27,9 @@
 "kosmos_kvm::guest",
 "kosmos-dirsrv::hostsfile",
 "kosmos_sentry::client",
+ "kosmos_garage",
+ "kosmos_garage::default",
+ "kosmos_garage::firewall_rpc",
 "kosmos_postgresql::hostsfile",
 "kosmos-akkounts",
 "kosmos-akkounts::default",
@@ -43,6 +47,7 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
+ "firewall::default",
 "redisio::default",
 "redisio::_install_prereqs",
 "redisio::install",
@@ -76,6 +81,7 @@
 "role[kvm_guest]",
 "role[ldap_client]",
 "role[sentry_client]",
+ "role[garage_gateway]",
 "role[akkounts]"
 ]
 }
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb
index 0f4ca0c..0fc749e 100644
--- a/site-cookbooks/kosmos-akkounts/attributes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb
@@ -19,3 +19,9 @@ node.default['akkounts']['lndhub']['api_url'] = nil
 node.default['akkounts']['lndhub']['public_url'] = nil
 node.default['akkounts']['lndhub']['public_key'] = nil
 node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub'
+
+node.default['akkounts']['s3_enabled'] = true
+node.default['akkounts']['s3_endpoint'] = "http://localhost:3900"
+node.default['akkounts']['s3_region'] = "garage"
+node.default['akkounts']['s3_bucket'] = "akkounts-production"
+node.default['akkounts']['s3_alias_host'] = "https://s3.accounts.kosmos.org"
diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb
index 558dc5b..9adc442 100644
--- a/site-cookbooks/kosmos-akkounts/recipes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
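Review bot: The new cookbook defaults in attributes/default.rb turn S3 on for every node that includes this cookbook and point it at production: `s3_enabled` defaults to `true`, `s3_bucket` to `"akkounts-production"` and `s3_alias_host` to the production hostname. A staging or test node that does not override these would presumably read and write the production bucket with whatever keys its data bag holds. I would default to `node.default['akkounts']['s3_enabled'] = false` with `s3_bucket` and `s3_alias_host` set to `nil`, and put the production values in environments/production.json, which this commit already touches. The plain-HTTP `s3_endpoint` looks acceptable only because it is loopback to the local Garage gateway, so a comment such as `# Local Garage gateway; keep on loopback, traffic is unencrypted` would record that assumption. The added lines also use double quotes where the rest of the file uses single quotes.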
@@ -168,6 +168,20 @@ if rs_redis_host
 env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}"
 end
 
+#
+# S3
+#
+
+if node['akkounts']['s3_enabled']
+ env[:s3_enabled] = true
+ env[:s3_endpoint] = node['akkounts']['s3_endpoint']
+ env[:s3_region] = node['akkounts']['s3_region']
+ env[:s3_bucket] = node['akkounts']['s3_bucket']
+ env[:s3_alias_host] = node['akkounts']['s3_alias_host']
+ env[:s3_access_key] = credentials['s3_access_key']
+ env[:s3_secret_key] = credentials['s3_secret_key']
+end
+
 #
 # Akkounts Deployment
 #
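Review bot: The S3 block in recipes/default.rb copies `credentials['s3_access_key']` and `credentials['s3_secret_key']` into `env` without checking that they are present, so a credentials item that lacks them would export empty keys while `s3_enabled` is still set to true. A guard before the assignments would fail the converge instead, for example `raise 'akkounts: S3 enabled but s3_access_key/s3_secret_key missing from credentials' unless credentials['s3_access_key'] && credentials['s3_secret_key']`. Because `env` now carries a long-lived storage secret, the resource that renders it (outside this hunk) should be checked for `sensitive true` and a restrictive file mode, so the key does not end up in Chef output or a world-readable file. How `credentials` and `env` are built is not visible in this hunk.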